Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/80447f-4edd-4a2c-80e2-b97cb6307724/1/1-5-Sq6_v5s2-d4PXHLcia4OdTAM.roa
File:                     1-5-Sq6_v5s2-d4PXHLcia4OdTAM.roa (raw, json)
Hash identifier:          mpnuOsqUPAdjcQUacFWT+JDE+aGA1fK+jfPY/8vBMvE=
Subject key identifier:   FB:9F:92:AB:AF:EF:E6:CD:BE:77:83:D7:1C:B7:22:6B:83:9D:4C:03
Certificate issuer:       /CN=9a5a982e58ee550ad9fc53ae05e90ebde2dc225b
Certificate serial:       018CC493784BCC6836688B4C75947D11502D
Authority key identifier: 9A:5A:98:2E:58:EE:55:0A:D9:FC:53:AE:05:E9:0E:BD:E2:DC:22:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlqYLljuVQrZ_FOuBekOveLcIls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/80447f-4edd-4a2c-80e2-b97cb6307724/1/1-5-Sq6_v5s2-d4PXHLcia4OdTAM.roa
Signing time:             Mon 01 Jan 2024 10:30:47 +0000
ROA not before:           Mon 01 Jan 2024 10:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        195.69.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/80447f-4edd-4a2c-80e2-b97cb6307724/1/mlqYLljuVQrZ_FOuBekOveLcIls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/80447f-4edd-4a2c-80e2-b97cb6307724/1/mlqYLljuVQrZ_FOuBekOveLcIls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mlqYLljuVQrZ_FOuBekOveLcIls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:78:4b:cc:68:36:68:8b:4c:75:94:7d:11:50:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a5a982e58ee550ad9fc53ae05e90ebde2dc225b
        Validity
            Not Before: Jan  1 10:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb9f92abafefe6cdbe7783d71cb7226b839d4c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:53:c3:27:34:d5:21:83:a2:f9:a8:da:ee:e5:
                    32:a1:50:0f:4b:f4:9b:a0:e3:b5:1b:42:0c:bd:e9:
                    e4:e7:80:0e:5a:88:15:30:36:ff:e0:a1:1e:c0:a9:
                    02:62:00:81:d8:1e:2a:46:ce:24:db:f3:cf:8a:a5:
                    41:53:9b:e8:5c:71:b2:2b:63:ce:76:a3:3f:7f:81:
                    a9:d7:4b:6a:65:6b:0a:c3:74:ac:b5:f9:01:66:11:
                    cf:e2:ce:7d:31:f9:08:b7:e4:89:a6:ea:7d:2a:e7:
                    87:dc:46:65:1d:76:c3:5b:bc:21:3f:f5:35:bb:44:
                    ce:c1:06:1f:6a:b0:87:6d:b1:4d:e3:5b:d7:d2:78:
                    39:95:02:e6:c4:19:36:2f:53:f2:f2:e0:64:97:7e:
                    e7:7c:ea:0a:a1:7b:79:1d:5a:a9:3b:53:c8:55:50:
                    c3:08:10:dc:1d:bd:97:74:63:7d:ab:ef:1f:4a:16:
                    72:80:bc:5b:41:6b:09:13:2b:50:a7:63:52:f2:a3:
                    2e:9f:1d:ef:24:ca:19:5f:85:30:87:75:e6:83:71:
                    c0:50:cb:be:2f:0c:12:7b:3c:8b:cc:28:f2:47:f6:
                    39:bc:77:34:91:f6:f0:f3:eb:3f:b4:2e:45:65:d5:
                    bd:27:35:35:29:b2:d8:60:c7:f4:fb:39:66:b4:ff:
                    f9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:9F:92:AB:AF:EF:E6:CD:BE:77:83:D7:1C:B7:22:6B:83:9D:4C:03
            X509v3 Authority Key Identifier:
                keyid:9A:5A:98:2E:58:EE:55:0A:D9:FC:53:AE:05:E9:0E:BD:E2:DC:22:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlqYLljuVQrZ_FOuBekOveLcIls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/80447f-4edd-4a2c-80e2-b97cb6307724/1/1-5-Sq6_v5s2-d4PXHLcia4OdTAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/80447f-4edd-4a2c-80e2-b97cb6307724/1/mlqYLljuVQrZ_FOuBekOveLcIls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.69.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:95:e8:61:1d:ca:29:03:d8:70:ce:0a:9a:b3:22:81:88:9f:
         31:61:40:7f:d3:60:0d:27:97:82:09:dc:50:e4:f4:4f:85:9b:
         b9:32:62:da:94:c6:cc:63:fc:fd:fe:a5:d1:16:8a:d7:a4:a8:
         cd:94:22:64:50:08:c8:f1:e1:8f:86:d8:b6:88:ea:0c:67:71:
         31:05:84:03:6d:19:d0:2f:9f:7e:b7:1c:f9:3a:18:96:31:84:
         aa:dc:74:f4:ef:93:0e:3f:eb:4b:8a:31:85:71:e1:56:2d:b6:
         41:d5:d7:f2:e1:19:16:6c:f3:1b:11:ee:5b:87:78:f6:9a:e8:
         64:09:eb:3f:58:81:2f:0e:57:df:b6:76:84:b3:0a:83:82:fb:
         77:0f:97:19:f5:12:3c:43:64:09:ba:c5:c3:fc:8c:fa:c2:db:
         c7:0f:b5:06:cd:37:25:c8:c2:52:24:70:98:99:0a:5b:c9:a8:
         f0:fe:2b:19:33:d6:57:6d:f7:60:f2:f0:47:2f:bd:15:71:18:
         d9:f1:54:27:2e:71:24:4d:42:9e:3c:bc:cf:70:57:10:65:e9:
         8a:c6:55:87:27:d1:bb:a2:5c:03:dd:f7:1e:9d:79:a7:1d:46:
         47:94:65:fa:ba:4c:4c:4f:4f:72:b8:ac:d2:0f:1a:97:b9:20:
         31:9a:91:b9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk3hLzGg2aItMdZR9EVAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNWE5ODJlNThlZTU1MGFkOWZjNTNhZTA1ZTkwZWJkZTJk
YzIyNWIwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjlmOTJhYmFmZWZlNmNkYmU3NzgzZDcxY2I3MjI2YjgzOWQ0YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7FPDJzTVIYOi+aja7uUyoVAPS/Sb
oOO1G0IMvenk54AOWogVMDb/4KEewKkCYgCB2B4qRs4k2/PPiqVBU5voXHGyK2PO
dqM/f4Gp10tqZWsKw3SstfkBZhHP4s59MfkIt+SJpup9KueH3EZlHXbDW7whP/U1
u0TOwQYfarCHbbFN41vX0ng5lQLmxBk2L1Py8uBkl37nfOoKoXt5HVqpO1PIVVDD
CBDcHb2XdGN9q+8fShZygLxbQWsJEytQp2NS8qMunx3vJMoZX4Uwh3Xmg3HAUMu+
LwwSezyLzCjyR/Y5vHc0kfbw8+s/tC5FZdW9JzU1KbLYYMf0+zlmtP/5HQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPufkquv7+bNvneD1xy3ImuDnUwDMB8GA1UdIwQY
MBaAFJpamC5Y7lUK2fxTrgXpDr3i3CJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxxWUxsanVWUXJaX0ZPdUJla092ZUxjSWxzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MDQ0N2YtNGVkZC00YTJjLTgwZTIt
Yjk3Y2I2MzA3NzI0LzEvMS01LVNxNl92NXMyLWQ0UFhITGNpYTRPZFRBTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODQvODA0NDdmLTRlZGQtNGEyYy04MGUyLWI5N2NiNjMwNzcy
NC8xL21scVlMbGp1VlFyWl9GT3VCZWtPdmVMY0lscy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNFojAN
BgkqhkiG9w0BAQsFAAOCAQEAGZXoYR3KKQPYcM4KmrMigYifMWFAf9NgDSeXggnc
UOT0T4WbuTJi2pTGzGP8/f6l0RaK16SozZQiZFAIyPHhj4bYtojqDGdxMQWEA20Z
0C+ffrcc+ToYljGEqtx09O+TDj/rS4oxhXHhVi22QdXX8uEZFmzzGxHuW4d49pro
ZAnrP1iBLw5X37Z2hLMKg4L7dw+XGfUSPENkCbrFw/yM+sLbxw+1Bs03JcjCUiRw
mJkKW8mo8P4rGTPWV233YPLwRy+9FXEY2fFUJy5xJE1Cnjy8z3BXEGXpisZVhyfR
u6JcA933Hp15px1GR5Rl+rpMTE9Pcris0g8al7kgMZqRuQ==
-----END CERTIFICATE-----